Russian hackers released Wednesday night another batch of Olympians’ medical records stolen from the World Anti-Doping Agency, including information on 10 American athletes.
That and other breaches at the DNC, state election systems and an alleged NSA hack raise concerns about vulnerabilities in U.S. computer networks.
Servers often contain account numbers, medical records and other sensitive information collected by businesses and government agencies, making them targets for hackers. According to one security expert, cybercrime is now more lucrative than the illicit drug trade, reports CBS News correspondent Michelle Miller.
Dan Larson, technical director at Crowdstrike, is in a race to outsmart the hackers.
“The old model of trying to rely on anti-virus and firewalls — the bad guys are running circles around that stuff,” Larson said. “The total amount of cyber threat risk — it’s projected to be above 10 trillion in the next few years.”
Larson’s company investigated the attack on the DNC network, and found a sophisticated code they believe points to Russian intelligence agencies because of how the code was behaving.
“It did a lot of checking to see if a security product was checking it,” Larson said. “They were always looking over their shoulder. The time to develop a little piece of code like that, it had to be a well-funded, professional, full-time hacking organization.”
Larson said those hackers — known as “fancy bear” and “cozy bear” — used a classic technique called “spearphishing” to gain access to DNC computers.
CIA director “wouldn’t be surprised” by more hacks on election system
FBI has found hackers accessed two states’ election databases
He showed us how it worked on a computer under attack from an actual hacker. A victim receives an email that looks legitimate, but actually contains links to a website designed to steal passwords and other important data. It takes under three minutes.
“So he’s done. Mission accomplished,” Larson said.
Larson said security firms are now using advanced algorithms and profiling to keep up with hackers who are constantly coming up with new tricks.
When major corporations and government agencies are attacked, personal information on millions of Americans can be compromised.
“I think it’s a bit of a wakeup call. I hope when stuff like that gets on the news, people see it as an opportunity to increase their own security,” Larson said.
Larson said to be wary of emails marked “urgent” or claiming to be from the IRS, which are red flags. Another help trick is to click on the sender’s email address. If it’s not from the company it claims to be from, it is probably fake.